Keep on Bluekeepin’ on
TomSellers added a new option to the increasingly useful BlueKeep scanner module that allows it to perform a DoS attack against the target when the module is run. This gives the module an additional way to demonstrate the severity of this vulnerability beyond simply reporting it.
As part of this update, TomSellers moved and refactored a lot of the RDP-specific framework code into a new mixin. Not only did this provide a lot of cleanup, but it also makes it much easier to reuse this code in future modules that take advantage of RDP. Please feel free to build on this work when crafting your next RDP-based module.
Tika look at this
Community member h00die has added a module for exploiting an RCE vulnerability in the Apache Tika OCR functionality. This simple yet effective module takes advantage of unsanitized system commands that Apache Tika executes when its OCR endpoint is invoked; the commands to run are supplied in the body of the request. If you find a vulnerable version of this software on an engagement, you could easily "Tika mas-ALL-a their boxes over". See David Yesland's write-up on exploiting the vulnerability here.
New modules (2)
- Apache Tika Header Command Injection by David Yesland, Tim Allison, and h00die, which exploits CVE-2018-1335
- Xymon Daemon Gather Information by Markus Krell and bcoles, which exploits CVE-2016-2055
Enhancements and features
As always, you can update to the latest Metasploit Framework with
and you can get more details on the changes since the last blog post from
We recently announced the release of Metasploit 5. You can get it by cloning the Metasploit Framework repo (master branch). To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial editions).